Risk Management Framework Engineer

General information

Description & Requirements

MANTECH seeks a motivated, career and customer-oriented Senior Risk Management Framework Engineer to join our team in Norfolk, VA. This position is an onsite position.

Join the Navy's Continuous Training Environment (NCTE) program and contribute to the evolution of warfighter readiness. We provide critical engineering and technical expertise for the U.S. Navy's premier Live, Virtual, Constructive (LVC) training capability. Our work involves seamlessly integrating live training with synthetic systems to create highly realistic and complex global training environments. We also drive the development of advanced representations for joint, theater, and national systems, and model new weapons technologies and emerging threats, ensuring our forces are prepared for any challenge.

Responsibilities include but are not limited to:

• Serve as the lead advisor on RMF implementation across system lifecycles and manage workload for team members to meet established timelines

• Conduct security categorization, control selection, implementation, and assessment in accordance with NIST SP 800-53 and DoDI 8510.01

• Prepare and maintain RMF documentation, including the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and Security Assessment Reports (SAR)

• Guide system owners through the RMF steps to achieve full 3-year Authorization to Operate (ATO)

• Collaborate with security control assessors (SCAs) and NQV’s to coordinate risk assessments and validation testing

• Identify, document, and mitigate system vulnerabilities using tools such as Enterprise Mission Assurance Support Service (eMASS), Assured Compliance Assessment Solution (ACAS), and Security Technical Implementation Guidelines (STIG’s)

• Expert level experience in maintaining continuous monitoring strategies and conducting periodic reviews in accordance with DoD and NIST guidelines

• Provide training on RMF processes and cybersecurity best practices to junior staff and stakeholders

• Maintain up to date evolving DoD cybersecurity policy, threat landscape, and risk mitigation techniques

• Create Standard Operating Procedures (SOPs), internal process documents, and input cyber policies that support the continuous monitoring of accredited information systems

Minimum Qualifications:

• BS or BA degree in Computer Science, Information Systems, Cybersecurity, or a related discipline; an additional 6 years of RMF experience may be substituted in lieu of degree

• 7+ years of experience working within RMF environments, particularly supporting federal or DoD system

• Experience in NIST SP 800-series publications, especially SP 800-53, 800-37, and 800-30

• Strong knowledge in requesting, obtaining, and reviewing compliance artifacts to assist in executing security and privacy controls testing such as security plans, SOPs, system screenshots, and system configuration settings

• CASP+, CISSP, or CISM certification

Clearance Requirements:

• Active Secret clearance with the ability to obtain a TS/SCI clearance

Physical Requirements:

• Must be able to remain in a stationary position 50%.

• Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.

• Often positions self to maintain computers in the lab, including under the desks and in the server closet.

• Frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.